Nearly two thirds of cybersecurity pros report rising stress amid complex threat landscape: ISACA 2024 research
Sixty-three percent of cybersecurity professionals in India say their role is more stressful now than it was five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology.
The annual study, sponsored by Adobe, showcases the feedback of more than 1,800 cybersecurity professionals worldwide on topics related to the cybersecurity workforce and threat landscape. According to the data from 122 Indian cybersecurity professionals, the top reasons for this increased stress are:
-An increasingly complex threat landscape (87 percent)
-Insufficiently trained staff (54 percent)
-Worsening hiring/retention challenges (53 percent)
-Lack of prioritisation of cybersecurity risks (44 percent).
-Low budget (40 percent)
Increasing cybersecurity attacks
In line with this sentiment around challenging threats, 29 % of Indian respondents say their organisations are experiencing increased cybersecurity attacks. These top attack types include social engineering (16 percent), malware (12 percent), denial of service (11 percent) and zero-day exploit (11 percent).
On top of that, more than one-fourth (28 percent) of respondents from India expect a cyberattack on their organisation in the next year, and more than half (57 percent) have a high degree of confidence in their team’s ability to detect and respond to cyber threats.
“Social engineering attacks, such as phishing, are a growing concern for organisations as human error remains a major factor in data breaches,” said Mike Mellor, VP of Cyber Operations at Adobe. “With the increasing frequency and sophistication of these attacks, it’s essential for organisations to adopt secure authentication methods to strengthen their defenses.
Adobe believes that fostering a deep security culture among all employees through anti-phishing training, combined with stronger controls such as zero-trust networks protected by phishing-resistant authentication, are essential in safeguarding any organisation.”
Resource challenges
Despite an increasingly difficult threat landscape, the survey shows cybersecurity budgets and staffing are not keeping pace. Nearly half (47 percent) say that cyber budgets are underfunded, and 49 percent expect budgets will increase in the next year.
In terms of hiring, 46 percent of India-based organisations say their cybersecurity teams are understaffed, and respondents in India indicate that:
-30 percent of organisations have no open positions.
-48 percent of organisations have non-entry level cybersecurity positions open.
-24 percent have entry-level positions open.
“Despite the increase in the awareness of cybersecurity threats, many organisations in India and even globally are still underfunding their cybersecurity budgets,” said RV Raghu, director, Versatilist Consulting India Pvt Ltd, and ISACA India Ambassador. “With 87% of Indian cybersecurity professionals identifying the complex threat landscape as a top stressor and 40% pointing to underfunded budgets, it is evident that organisations in India need to do more to support their cybersecurity teams. Hiring challenges combined with the increasing complexity of the attacks that we face today are putting a lot of pressure on cybersecurity teams. “It is time for organisations to rethink their approach, and focus on better resource allocation, enhanced training, and support systems to build resilient cybersecurity teams that are capable of withstanding future threats.”
Skills and retention trends
Employers in India seeking qualified candidates for open roles are prioritising prior hands-on experience (84 percent) and credentials held (51 percent).
Respondents from India indicate that the main skills gaps they see in cybersecurity professionals are cloud computing (48 percent) and security control implementation (40 percentage).
For the more than half of survey respondents in India (66 percent) that reported having difficulty retaining qualified cyber candidates, the main reasons for leaving included limited promotion and development opportunities (49 percent), poor financial incentives (42 percentage), high work stress levels (39 percent), lack of management support (39 percent), and limited remote work possibilities (39 percent).
“Employers should home in on the occupational stress their digital defenders are facing. This is an opportunity for employers to explore ways to support staff before burnout and attrition occur,” says Jon Brandt, ISACA Director, Professional Practices and Innovation. “Employees want to feel valued. As the leadership adage goes, take care of your people and they’ll take care of you.”